15257 matches found
LILIN Digital Video Recorder 安全漏洞
LILIN Digital Video Recorder is a video recorder from LILIN Corporation of Taiwan, China. A security vulnerability exists in LILIN Digital Video Recorder versions prior to 2.0b6020200207, which stems from a failure of the web service in /z/zbin/dvrbox to properly clean up the inputs to the Server...
CVE-2025-34116
A remote command execution vulnerability exists in IPFire before version 2.19 Core Update 101 via the 'proxy.cgi' CGI interface. An authenticated attacker can inject arbitrary shell commands through crafted values in the NCSA user creation form fields, leading to command execution with web server...
CVE-2025-34068
An unauthenticated remote command execution vulnerability exists in Samsung WLAN AP WEA453e firmware prior to version 5.2.4.T1 via improper input validation in the “Tech Support” diagnostic functionality. The command1 and command2 POST or GET parameters accept arbitrary shell commands that are...
CVE-2025-34068 Samsung WLAN AP WEA453e < 5.2.4.T1 Unauthenticated RCE via command1 and command2 Parameters
An unauthenticated remote command execution vulnerability exists in Samsung WLAN AP WEA453e firmware prior to version 5.2.4.T1 via improper input validation in the “Tech Support” diagnostic functionality. The command1 and command2 POST or GET parameters accept arbitrary shell commands that are...
CVE-2025-34068
Samsung WLAN AP WEA453e is affected by an unauthenticated remote command execution vulnerability in firmware before 5.2.4.T1. The issue stems from improper input validation in the Tech Support diagnostic function, where the command1/command2 POST or GET parameters accept arbitrary shell commands ...
CVE-2025-34116
IPFire before 2.19 Core Update 101 is vulnerable to remote command execution via the proxy.cgi CGI interface. An authenticated attacker can inject arbitrary shell commands through crafted NCSA user creation fields, leading to command execution with web server privileges. Remediation: update to IP...
CVE-2025-34116 IPFire < 2.19 Core Update 101 proxy.cgi RCE
A remote command execution vulnerability exists in IPFire before version 2.19 Core Update 101 via the 'proxy.cgi' CGI interface. An authenticated attacker can inject arbitrary shell commands through crafted values in the NCSA user creation form fields, leading to command execution with web server...
CVE-2025-34116
A remote command execution vulnerability exists in IPFire before version 2.19 Core Update 101 via the 'proxy.cgi' CGI interface. An authenticated attacker can inject arbitrary shell commands through crafted values in the NCSA user creation form fields, leading to command execution with web server...
SAMSUNG WLAN AP WEA453e 安全漏洞
The SAMSUNG WLAN AP WEA453e is a wireless LAN access point from Samsung South Korea. A security vulnerability exists in the SAMSUNG WLAN AP WEA453e prior to version 5.2.4.T1, which stems from improper validation of inputs to the Tech Support diagnostic function, which could lead to remote command...
PT-2025-29557 · Ipfire · Ipfire
Name of the Vulnerable Software and Affected Versions: IPFire versions prior to 2.19 Core Update 101 Description: A remote command execution issue exists in IPFire due to a flaw in the proxy.cgi CGI interface. An authenticated attacker can inject arbitrary shell commands through crafted values in...
PT-2025-29544 · Samsung · Samsung Wlan Ap Wea453E
Name of the Vulnerable Software and Affected Versions: Samsung WLAN AP WEA453e versions prior to 5.2.4.T1 Description: An unauthenticated remote command execution issue exists due to improper input validation in the “Tech Support” diagnostic functionality. The command1 and command2 POST or GET...
IPFire 安全漏洞
IPFire is an open source Linux distribution from the IPFire organization. It is primarily used as a router and firewall. A security vulnerability exists in IPFire that stems from improper validation of proxy.cgi interface inputs, which could lead to remote command execution...
The vulnerability of the IBM Storage Scale cluster file system, related to the lack of data cleaning measures at the management level, allows attackers to escalate their privileges and execute arbitrary commands.
The vulnerability of the IBM Storage Scale cluster file system is related to the lack of measures taken at the management level to clean up data. Exploiting this vulnerability can allow a malicious actor to enhance their privileges and execute arbitrary commands remotely...
Erlang/OTP SSH Server Unauthenticated Remote Command Execution (CVE-2025-32433) (Direct Check)
Binary data erlangotpsshCVE-2025-32433.nbin...
PT-2025-29408 · Hgiga · Isherlock
Name of the Vulnerable Software and Affected Versions: iSherlock affected versions not specified Description: The iSherlock software by Hgiga contains an OS Command Injection vulnerability. This allows unauthenticated remote attackers to inject and execute arbitrary OS commands on the server. Thi...
VulnCheck KEV: CVE-2025-34068
An unauthenticated remote command execution vulnerability exists in Samsung WLAN AP WEA453e firmware prior to version 5.2.4.T1 via improper input validation in the “Tech Support” diagnostic functionality. The command1 and command2 POST or GET parameters accept arbitrary shell commands that are...
VulnCheck KEV: CVE-2025-28036
TOTOLINK A950RG V4.1.2cu.5161B20200903 was found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter...
CVE-2025-34095
An OS command injection vulnerability exists in Mako Server versions 2.5 and 2.6, specifically within the tutorial interface provided by the examples/save.lsp endpoint. An unauthenticated attacker can send a crafted PUT request containing arbitrary Lua os.execute code, which is then persisted on...
Exploit for OS Command Injection in Progress Loadmaster
CVE-2024-1212 - Progress Kemp LoadMaster Unauthenticated Comma...
Exploit for Missing Authentication for Critical Function in F5 Big-Ip_Access_Policy_Manager
CVE-2022-1388 - F5 BIG-IP iControl REST Authentication Bypass...